Re: SELinux preventing D-Bus starting ConsoleKit etc - Was: F10 - pulseaudio not running

On 05/20/2009 04:23 AM, Mike Fleetwood wrote:
I wrote:
I can see that on my functioning desktops that before login, gdm has
been granted read-write access, via ACLs, to the sound device files in
/dev/snd/.  After GDM login my user is granted read-write instead.

On my broken desktop there are no ACLs granting extra permissions.  I
have now restored the original permissions on the /dev/snd/* files and
added my user read-write access via ACLs.  Still pulseaudio does not
start.

I also noticed that on my broken desktop, console-kit-daemon is not
running.  So far I have only found that console-kit-daemon may have
been started with /etc/rc.d/init.d/ConsoleKit circa Fedora 8.  That
ConsoleKit service script has been removed in Fedora 10 and I don't yet
know how console-kit-daemon is meant to be started.

Is console-kit-daemon running even relevant to GDM adding ACLs for the
console user to access devices?  Probably.  Is this relevant to why
pulseaudio fails to start?  Don't know as even when standard file
permissions, rather than ACLs, allowed access to /dev/snd/* pulseaudio
died on startup.

From my functional home desktop ...
[mike@rockover ~]$ getfacl -p /dev/snd/controlC0
# file: /dev/snd/controlC0
# owner: root
# group: root
user::rw-
user:mike:rw-
group::rw-
mask::rw-
other::---
(Same results of additional user mike ACL for all devices in /dev/snd/).
[mike@rockover ~]$ ck-list-sessions
Session4:
        unix-user = '500'
        realname = 'Mike Fleetwood,,,,'
        seat = 'Seat1'
        session-type = ''
        active = TRUE
        x11-display = ':0'
        x11-display-device = '/dev/tty1'
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2009-04-08T19:06:01.429138Z'
        login-session-id = '702'
[mike@rockover ~]$ ps -ef | fgrep console-kit-daemon
root      2477     1  0 Apr08 ?        00:00:00 /usr/sbin/console-kit-daemon
mike     23954 19225  0 12:05 pts/0    00:00:00 fgrep console-kit-daemon

From my broken work desktop ...
[mfleetwo@mfleetwo3 ~]$ su -
Password:
[root@mfleetwo3 ~]# chmod o= /dev/snd/*
[root@mfleetwo3 ~]# setfacl -m u:mfleetwo:rw /dev/snd/*
[root@mfleetwo3 ~]# ls -l /dev/snd/*
crw-rw----+ 1 root root 116, 7 2009-04-22 13:13 /dev/snd/controlC0
crw-rw----+ 1 root root 116, 6 2009-04-22 13:13 /dev/snd/hwC0D0
crw-rw----+ 1 root root 116, 5 2009-05-06 12:15 /dev/snd/pcmC0D0c
crw-rw----+ 1 root root 116, 4 2009-05-06 12:15 /dev/snd/pcmC0D0p
crw-rw----+ 1 root root 116, 3 2009-04-22 13:13 /dev/snd/seq
crw-rw----+ 1 root root 116, 2 2009-04-22 13:13 /dev/snd/timer
[root@mfleetwo3 ~]# getfacl -p /dev/snd/controlC0
# file: /dev/snd/controlC0
# owner: root
# group: root
user::rw-
user:mfleetwo:rw-
group::rw-
mask::rw-
other::---
[root@mfleetwo3 ~]# exit
logout
[mfleetwo@mfleetwo3 ~]$ pulseaudio --start --log-target=syslog
I: caps.c: Limited capabilities successfully to CAP_SYS_NICE.
I: caps.c: Dropping root privileges.
I: caps.c: Limited capabilities successfully to CAP_SYS_NICE.
[WARN  9224] polkit-session.c:144:polkit_session_set_uid(): session != NULL
  Not built with -rdynamic so unable to print a backtrace
[mfleetwo@mfleetwo3 ~]$ echo $?
1
[mfleetwo@mfleetwo3 ~]$ ps -ef | fgrep pulseaudio
[mfleetwo@mfleetwo3 ~]$ ck-list-sessions

** (ck-list-sessions:9244): WARNING **: Failed to get list of seats:
Cannot launch daemon, file not found or permissions invalid
[mfleetwo@mfleetwo3 ~]$ ps -ef | fgrep console-kit-daemon

I have identified that my issues are caused by SELinux.  I have
rebooted with enforcing=0 to switch SELinux into permissive mode and
ConsoleKit and Pulseaudio start correctly and audacious plays music.
Even after performing a full relabelling of the SELinux security
context of all files by touching /.autorelabel and rebooting, SELinux
in enforcing is preventing D-Bus starting ConsoleKit and Pulseaudio
starting.  Investigation into SELinux continuing.

E.g. SELinux in enforcing mode:
[root@mfleetwo3 ~]# id -Z
unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh
[root@mfleetwo3 ~]# service messagebus status
env: /etc/init.d/messagebus: Permission denied

and SELinux in permissive mode:
[root@mfleetwo3 ~]# service messagebus status
dbus-daemon (pid 2736 2055) is running...

Thanks,
Mike

Are you fully yum updated on the SELinux policy?


yum -y upgrade selinux-policy-targeted


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
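
An added example, not part of the original thread: when a service starts in permissive mode but fails with "Permission denied" in enforcing mode, the audit log's AVC records name the exact source type, target type, class and permission that were denied. The sketch below groups such records so repeated denials collapse into one line; the sample records and the `example_*_t` type names are constructed placeholders, not data from the poster's machine.

```shell
#!/bin/sh
# Summarise SELinux AVC denials read from stdin as:
#   <count> <comm> <source type> <target type> <class> <permissions>
# On a live system, feed it real records, e.g.:
#   ausearch -m avc -ts boot | avc_summary
avc_summary() {
    LC_ALL=C awk '
    / avc: / && / denied / {
        perms = comm = src = tgt = cls = ""
        # The denied permissions sit between "{ " and " }".
        if (match($0, /[{] [^}]* [}]/))
            perms = substr($0, RSTART + 2, RLENGTH - 4)
        gsub(/ /, ",", perms)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            # A context is user:role:type:level, so the type is the third field.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        count[comm " " src " " tgt " " cls " " perms]++
    }
    END { for (k in count) print count[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample records (not from the poster's machine; the example_*_t
# type names are placeholders, not a diagnosis of the problem in the thread).
SAMPLE_AUDIT='type=AVC msg=audit(1242800000.101:41): avc:  denied  { execute } for  pid=3001 comm="env" name="messagebus" dev=dm-0 ino=1001 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:example_script_t:s0 tclass=file
type=SYSCALL msg=audit(1242800000.101:41): arch=40000003 syscall=11 success=no exit=-13 comm="env" exe="/bin/env"
type=AVC msg=audit(1242800007.330:58): avc:  denied  { execute } for  pid=3019 comm="env" name="messagebus" dev=dm-0 ino=1001 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:example_script_t:s0 tclass=file
type=AVC msg=audit(1242800011.512:63): avc:  denied  { read write } for  pid=3050 comm="pulseaudio" name="controlC0" dev=tmpfs ino=2002 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:example_device_t:s0 tclass=chr_file'

printf '%s\n' "$SAMPLE_AUDIT" | avc_summary
```

The target type column is the label to compare against what `ls -Z` reports for the denied file.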